SORC

2022
Global DDoS
Attack Landscape
Report
2022 Global
DDoS Attack
Landscape
Key Findings
01 02
Attacks greater than 100 Gbps
increased by more than 50% year
on year, representing an attack
The number of DDoS attacks in over 100 Gbps every hour on
2022 increased by 273% average. The attack peak
compared to 2021. DDoS threats exceeded 1 Tbps in six months,
have maintained consistent and UDP-based attacks were the
growth over the past four years. most common. About one-third of
terabit attacks were reflective
UDP attacks, while the rest were
mainly non-reflective UDP attacks.
03 04
DDoS attacks against critical
Southeast Asia was the attack infrastructure were on the rise.
hotspot. North America was the Hacking gangsters have the
predominant source of application- ability to exploit critical
layer DDoS attack traffic. Peru was vulnerabilities at any time to
hit hardest by application-layer expand their botnet for DDoS
DDoS attacks. attacks, which poses a great
threat to critical infrastructure.
TABLE OF CONTENTS
1. Global DDoS Attack Trends........................................................................ 2
DDoS Attacks Increased Dramatically..................................................................... 2
High-Volume DDoS Attacks Were on the Rise ........................................................ 2
DDoS Attack Targets Became More Specific and Attacks Were More Persistent
Year over Year ....................................................................................................... 4
Southeast Asia Remained a Hotspot for Cyberattacks............................................ 4
North America Was a Predominant Source of Application-layer DDoS Attack
Traffic..................................................................................................................... 4
Peru Was Hit Hardest by Application-layer DDoS Attacks ...................................... 5
DDoS Attacks Increasingly Targeted Critical Infrastructure .................................... 5
2. Attack Vectors ............................................................................................ 6
UDP-based Attacks Were Favored by Hackers ....................................................... 6
UDP Fragment Flood Stood Out ............................................................................ 7
Cloud9 Malicious Add-on, a New Attack Tool, Emerged for Remote Control ......... 7
Attackers Focused on Remote Login and Web Application Services ...................... 7
The "Quick Spike" Attack Tactic Continued to Take Dominance ............................ 8
3. Botnet Analysis ........................................................................................... 9
Distribution of Botnet Attack Activities .................................................................. 9
Bot Distribution ..................................................................................................... 9
Botnet Command-and-Control Server Analysis ..................................................... 10
Analysis of Botnet Attack Instructions .................................................................. 11
The United States Became the Top Target for Botnet DDoS Attacks ................... 12
4. Defense and Protection Confrontation Cases .......................................... 13
Case 1: Protecting a Customer Against a Multi-Vector Volumetric DDoS Attack .. 13
Case 2: Reflection/Amplification Attack Exploiting CVE-2022-26143 ................... 14
Case 3: Large-Scale UDP Flood DDoS Attacks...................................................... 14
5. Mitigation Challenges and Recommendations ......................................... 17
Challenge 1 .......................................................................................................... 17
Challenge 2 .......................................................................................................... 17
6. About NSFOCUS Cloud DPS .................................................................... 18
PAGE 1
1. Global DDoS Attack Trends
DDoS Attacks Increased Dramatically
The data shows that DDoS attacks in 2022 increased by 273% compared to 2021. Except January, DDoS attacks in each
month of 2022 increased significantly compared to 2021. May, September, and October saw the most DDoS attacks.
DDoS attack trends (2021 and 2022)
High-Volume DDoS Attacks Were on the Rise
In 2022, the number

of terabit-level DDoS
attacks was
approximately 40,
and the attack peak
exceeded 1 Tbps in
six months.
Distribution of peak DDoS attack traffic by month in 2022
PAGE 2
Terabit-level attacks emerged most in
June to July and November to December,
accounting for 94% in 2022.
Distribution of terabit-level DDoS attack traffic by month in 2022
In 2022, the number of attacks

greater than 100 Gbps hit a
record high, with a year-on-year
increase of more than 50%. On
average, an attack exceeding
100 Gbps happened every hour.
Trend of high-volume DDoS attack traffic larger than 100 Gbps
High-volume attacks larger than 100

Gbps continued to rise since
February, and August recorded the
peak, about three times the count in
February.
Trend of high-volume DDoS attack traffic over 100 Gbps by month in 2022
PAGE 3
DDoS Attack Targets Became More Specific and Attacks Were
More Persistent Year over Year
The analysis on the attacked frequency of targets

reveals that the number of repeatedly attacked IP
addresses in 2022 was significantly greater than that
in 2021. DDoS attacks against a single target became
increasingly persistent. 56.91% of victims experienced
only one DDoS attack in 2021, whereas victims were
more prone to multiple DDoS attacks once identified
as the target in 2022. The increasing attack persistence
undoubtedly puts a greater challenge to DDoS
protection.
DDoS attack persistence distribution (2021 and 2022)
Southeast Asia Remained a Hotspot for Cyberattacks
With the rapid regional economic

development and the rapid growth of
the Internet industry as well as a huge
number of connected young users,
DDoS attacks in Southeast Asia
increased significantly, accounting for
more than 40% in 2022 and ranking
first almost every month. Southeast
Asia became a hotspot for DDoS
attacks.
Distribution of regions mostly targeted by DDoS attacks in 2022
North America Was a Predominant Source of Application-layer

DDoS Attack Traffic
Different from network-layer DDoS attacks,
application-layer DDoS attacks feature complete
TCP connections and their attack source IPs cannot
be forged. If huge numbers of application-layer
attack source IPs have a high level of activity in a
region, it indicates that botnets are active there.
North America was the major source of application-
layer DDoS attacks, with the United States
contributing to 98.43%. It signals that the United
States is an active botnet region at present.
Distribution of attack sources for application-layer DDoS attacks
PAGE 4
Peru Was Hit Hardest by Application-layer DDoS Attacks
In 2022, Peru was the most targeted

country for application-layer DDoS
attacks. As developed countries, the
United States and the United Kingdom
ranked second and third.
Target distribution of application-layer DDoS attacks by country
DDoS Attacks Increasingly Targeted Critical Infrastructure
In 2022, DDoS attacks against critical

infrastructure increased, with the
largest number registered in
November.
The COVID-19 pandemic has caused

the global economic downturn.
Adversaries launching ransom DDoS
attacks are turning to attack critical
infrastructure, such as public
communication and information
services, finance, public services, e-
government, and critical network
facilities and information systems.
Critical infrastructure targeted by DDoS attacks by month in 2022
DDoS attackers attempt to exhaust the available resources of target networks, applications, or services, causing damage
to critical infrastructure that plays a vital role in business continuity. Their high downtime costs mean that the ransom is
more likely to be paid.
In recent years, DDoS botnets continue to exploit vulnerabilities to expand their reach. In 2022, the number of
vulnerabilities exploited by botnets in the wild reached 135. New vulnerabilities are integrated within a few hours after
disclosure. As a result, vulnerable hosts can be rapidly controlled and implanted with trojans before their vulnerabilities
are fixed.
Mirai, as one of the most active botnets, was observed to carry 77 medium and high-risk vulnerabilities in 2022, such as
Apache Log4j RCE vulnerability (CVE-2021-44228), F5 BIG-IP unauthorized RCE vulnerability (CVE-2022-1388), and
Spring4Shell RCE vulnerability (CVE-2022-22965). Initially compromising devices by exploiting weak passwords, Mirai
now evolves its tactics to exploit vulnerabilities for expanding its botnet. Mirai seeks every opportunity to infect more
hosts to expand the control range.
We can conclude that hacking groups have the ability to employ critical vulnerabilities at any time to expand their
botnet to large numbers of hosts for DDoS attacks, which poses a great threat to critical infrastructure.
PAGE 5
2. Attack Vectors
UDP-based Attacks Were Favored by Hackers
In terms of attack vectors, UDP-

based attacks ranked first,
accounting for about 60% of DDoS
attacks. SYN flood attacks dropped
to about 15%. As a popular attack
method in the past two years, TCP
reflection attacks represented 3%.
Distribution of DDoS attack vectors in 2022
All terabit attacks were UDP-based

attacks. One third of them were
reflective UDP attacks, and the
remaining two thirds were non-
reflective large UDP packet attacks.
It signals that DDoS attackers have
controlled extremely abundant
attack resources and they can
launch terabit-class attacks without
needing UDP reflection to amplify
traffic.
Distribution of vectors for terabit-class DDoS attacks in 2022
UDP attacks still made up the lion's

share of attacks greater than 100
Gbps, representing nearly 60%. The
percentage of large UDP packet
attacks exceeded that of reflective
UDP attacks. Large SYN packet
attacks accounted for nearly 20%,
ranking third. In addition, PSHACK
attacks made up a considerable
proportion.
Distribution of vectors for DDoS attacks larger than 100 Gbps in 2022
PAGE 6
UDP Fragment Flood Stood Out
In 2022, UDP flood attacks, SYN flood attacks, and UDP fragment flood attacks were top 3 network-layer DDoS attacks.
Compared to 2021, UDP flood attacks increased by 8.01%, and SYN flood attacks decreased by 15.08%. It is noteworthy
that UDP fragment flood attacks increased significantly. During a UDP fragment DDoS attack, attackers transmit forged
UDP packets which seem larger than the maximum transmission unit, but only part of which are sent actually. These
fragments cannot be reassembled by the server. When large numbers of fragments hit the targeted server, server
resources are sapped, ultimately making the server inaccessible.
Distribution of attack vectors for network-layer DDoS attacks in 2021 and 2022
Cloud9 Malicious Add-on, a New Attack Tool, Emerged for

Remote Control
Security community researchers discovered a new browser botnet named Cloud9, which uses malicious extensions to
steal online accounts, record keystrokes, inject ads and malicious JavaScript code, and enroll victim's browsers in DDoS
attacks. Cloud9 is actually a browser's remote access trojan (RAT), which allows attackers to execute commands
remotely. Cloud9 is not available in official browser web stores, but is spread through such channels as websites
promoting fake player updates.
Cloud9 consists of three JavaScript files for collecting system information, mining cryptocurrencies, performing DDoS
attacks, and injecting scripts that run browser exploits. The malware can use hosts to perform application-layer DDoS
attacks via HTTP POST requests to the target region.
Attackers Focused on Remote Login and Web Application

Services
Researchers examined victim ports and found that a majority of DDoS attacked services were telnet remote login service
via TCP port 23 and HTTPS service via TCP port 443.
As the pandemic in 2022 made working from home a new normal, the remote login service via TCP port 23 and file
transfer service via FTP port 21 became the most frequent targets of DDoS attacks. In addition, websites with high
security requirements, like online banking, shopping, and finance websites, generally adopt the HTTPS service. If such
websites come under DDoS attacks, huge economic loss will be incurred.
PAGE 7
Number of attack events on affected ports in 2022
The "Quick Spike" Attack Tactic Continued to Take Dominance

Nearly 70% of global DDoS attacks were shorter than 10 minutes, about 20% lasted 10 to 30 minutes, and the rest
exceeded 30 minutes. Currently, "quick spike" attacks prevail.
This type of DDoS attack sends a massive amount of

attack traffic to bombard the target in a short time,
which gives DDoS protection personnel relying on
manual security analysis a hard time to defend
against. When it happens, the DDoS protection
personnel cannot deploy protection in time. As is
often the case, they make an after-action review and
deploy protection rules to filter these attack
signatures for future alerting and mitigation. Once
this type of short-duration DDoS attacks is
successful, it may take hours or even days to restore
application service, requiring much labor effort.
DDoS attack duration in 2022
PAGE 8
3. Botnet Analysis
Distribution of Botnet Attack Activities
Mirai was the most active attack botnet in 2022,

contributing to 54% of botnet activities. The
Gafgyt and BillGates botnets ranked second and
third respectively. However, the XorDDoS botnet
that launched a large number of SYN packet
attacks in the past two years kept a low profile,
contributing to less than 10%.
Distribution of active botnets in 2022
Bot Distribution
Mirai was still the king of botnets and had the

largest number of bots, accounting for more than
40%. Gafgyt, BillGates, and XorDDoS had a
relatively close number of bots, accounting for
less than 20% respectively.
Number of bots in active botnets in 2022
The statistics show that the rate of

exploiting top 20 Linux/IoT critical
vulnerabilities was positively related to
the level of activity and the scale of
botnets in 2022. Mirai and Gafgyt
exploited nearly 100% of the top 20
vulnerabilities this year, and Mozi, a
relatively new player, exploited close to
60%, whereas XorDDoS experienced a
decline in these vulnerability exploits.
Keksec, an emerging hacker group,
exploited less than 3% of the top 20
vulnerabilities, and however, it was
gradually expanding the attack range in Exploitation of top 20 critical Linux/IoT vulnerabilities
its iterations.
PAGE 9
Botnet Command-and-Control Server Analysis
Mirai had the largest number of C&C

server terminals, accounting for nearly
80%. The botnet’s master C&C servers
were mainly distributed in North
America and Europe. DigitalOcean and
FranTech Solution were the cloud
service providers that hosted the most
botnet C&C servers.
Percentage of C& C servers of active botnets
Distribution of C& C servers by country in 2022
Cloud server vendors and Telcos affected with most C& C servers
PAGE 10
Analysis of Botnet Attack Instructions
Mirai launched nearly half of the DDoS attacks and reached the peak in July and August. The total number of attack
instructions of XorDDoS exceeded that of the traditional family Gafgyt. XorDDoS contributed to nearly 40% attack
activities in 2022.
The XorDDoS botnet family was

first observed at the end of
September 2014 to establish a
botnet capable of launching
DDoS attacks. XorDDoS prefers
brute-forcing the SSH weak
password of the target host,
then intrudes the target, and
then executes the Shell script
to install the XorDDoS
malicious family and malicious
RootKit for infecting hosts.
XorDDoS mainly targeted
China, the United States, and
other countries and regions.
Distribution of DDoS attack instructions by month in 2022
Percentage of DDoS attack instructions by active botnets
Distribution of Botnet targets by country in 2022
PAGE 11
The United States Became the Top Target for Botnet DDoS
Attacks
Botnet attacks generally aim for economic benefits, and the level of activity is closely related to the economic level in
the region. As the world's largest economy, the United States becomes the most frequent target of botnet attacks. In
2022, the most active Mirai botnet and well-known botnets like Gafgyt and XorDDoS all targeted the United States most.
China and Germany also suffered a large number of DDoS attacks launched by Mirai.
PAGE 12
4. Defense and Protection Confrontation Cases
Case 1: Protecting a Customer Against a Multi-Vector
Volumetric DDoS Attack
On December 2, 2022, a customer was under a high-volume DDoS attack, which was a UDP flood attack and whose
attack peak reached 1.45 Tbps. In the following week, more than 9 attack methods were employed and more than 40
attacks were launched against the customer. A majority of attacks used large UDP packets, and the rest mainly used
large ACK packets and PSHACK packets. 70% of attacks exceeded 100 Gbps, and nearly 50% of attacks were greater
than 500 Gbps.
Distribution of attack vectors
Distribution of peak attack traffic
The analysis of the attack source shows that one variant of Mirai participated in the attack and the two C&C IP addresses
captured were 157.XXX.102.XXX (located in Bangalore, India) and 138.XXX.65.XXX (located in Frankfurt, Germany)
respectively. Attackers used more than 40,000 bots worldwide to launch the attack.
PAGE 13
Case 2: Reflection/Amplification Attack Exploiting CVE-2022-
26143
In early March 2022, a customer in Latin
America experienced a UDP flood attack
whose attack traffic peaked at 66.9 Gbps.
The attack used a fixed source port 10074.
The in-depth analysis shows that it was a
reflection and amplification attack launched
by hackers exploiting the TP-240 driver
vulnerability
(CVE-2022-26143).
This vulnerability can lead to the abuse of a

public command of the TP-240 driver
service, which is designed to perform stress
testing on its clients for debugging and
performance testing. Attackers can use
specially crafted commands to cause the
TP-240 driver service to send larger
informative status update packets, thus
significantly improving the amplification
ratio. In theory, the amplification factor can
be 4,294,967,294.
After confirmation, NSFOCUS adjusted the

UDP protection policy of the protection
group on ADS, and limited the rate of UDP
traffic on port 10074 to ensure the
customer's business continuity.
Case 3: Large-Scale UDP Flood DDoS Attacks

In late 2022, an international customer in Latin America was under three large-scale UDP flood DDoS attacks that
peaked at 225.5 Gbps. After NSFOCUS cleaned the attack traffic, only 3.7-Gbps traffic was re-injected to the customer’s
network, indicating an attack mitigation efficiency of 98.8%.
When the customer was attacked, NSFOCUS’s security team rapidly offered emergency response by communicating
with the customer and conducting packet capture and analysis. The attacked IP address was found to provide an online
gaming service via UDP ports 27030 and 27055. The attacker sent a single query request to the server from a random
source with a complete protocol stack. The requests from these random sources had the same payload and the
messages were normal.
For the UDP flood attack on July 15, the mitigation efficiency was 98.87%.
PAGE 14
For the UDP flood attack on October 5, the mitigation efficiency was 98.88%.
For the UDP flood attack on October 27, the mitigation efficiency was 98.8%.
It was a small UDP packet attack in which the attacker used a random source. If the traditional rate limit was adopted,
the customer’s legitimate business traffic would be affected. After a closer look, NSFOCUS found more detailed attack
PAGE 15
signatures to block the attack source, without affecting the availability of customer business. A further analysis shows
that the TTL of all UDP attack packets was 251, whereas the default TTL of Windows or MacOS operating systems is 128
or 64. NSFOCUS concluded that the attack packet was crafted by an attack tool. Based on these attack signatures,
NSFOCUS immediately adjusted the protection policy for the customer, achieving a high filtering ratio across the attack
lifecycle and effectively ensuring normal business operations.
PAGE 16
5. Mitigation Challenges and Recommendations
Challenge 1
The terabit-level DDoS attack has become a real threat. It impairs attacked services and congests networks of operators,
further affecting other services of the equipment room.
Recommendation
As construction of an equipment room with super-large bandwidth will lead to a higher cost and lower bandwidth
utilization for organizations, they should turn to cloud computing vendors with massive protection bandwidth to defend
against terabit-level DDoS attacks, or leverage the cloud vendor's end-to-end integrated protection capabilities to
protect against attacks.
Challenge 2
Hacking groups constantly evolve. Their attack capabilities are changing and improving every day, and attack methods
are unpredictable. As ordinary organizations have limited security protection staff and resources, it is hard for them to
learn about the latest attack situation and defend against attacks. They stay in a passive position when confronting with
highly skilled hacker groups.
Recommendation
With professional security protection experts and massive attack and defense scenarios of customers, cloud computing
vendors should invest more in security protection to track the latest attack and defense situation and constantly iterate
protection strategies, offering comprehensive security capabilities to protect customers against threats.
PAGE 17
6. About NSFOCUS Cloud DPS
NSFOCUS’s Anti-DDoS devices have the largest market share in China and an industry-leading position in the
international market.
These Anti-DDoS devices are augmented by NSFOCUS’s unique threat intelligence from sources in China and outside.
NSFOCUS has established eight global cloud scrubbing centers, covering regions that are targeted by most DDoS
attacks, such as Asia Pacific, North America, Latin America, and Europe.
By using the Anycast technology, NSFOCUS is capable of combining near-source traffic scrubbing with service nodes
across the globe. The terabit-class scrubbing capacity provides customers with unlimited protection. NSFOCUS also has
a global backbone service network that provides support for customers through the nearest service node with the
lowest latency and maximum stability.
NSFOCUS Cloud DPS Service provides 24/7 service in multiple languages to assist customers with security management
and emergency response against attacks.
PAGE 18

www.nsfocusglobal.com
Prof. Elifas Fernandes Gorgonho Farias
Data:
DSM - NOITE Aluno(s): Visto do(s) aluno(s):
SORC - 2023/1 Pontuação:
A2 - LAB SORC
01/06/2023
RUBRICA DE AVALIAÇÃO - A2 - LAB SORC
Conectividade Nível IIS - Sites Nível APACHE - Sites Nível Desafio - Backups das configurações Nível GRUPO Nível
Ambos os servidores realizam seus
Os três servidores se comunicam É possível acessar os três sites a partir do É possível acessar os três sites a partir do backups através de scripts e Todos do grupo participaram da
via PING 2 cliente Windows 7 2 cliente Windows 7 2 agendador/crontab 3 avaliação 1
Dois dos três servidores se É possível acessar dois sites a partir do É possível acessar dois sites a partir do Um dos servidores realiza seus backups
comunicam via PING 1 cliente Windows 7 1 cliente Windows 7 1 através de scripts e agendador/crontab 1,5 Parte do grupo participou da avaliação 0
Os servidores não se comunicam É possível acessar um site a partir do É possível acessar um site a partir do cliente Nenhum dos servidores realiza seu
via PING 0 cliente Windows 7 0,5 Windows 7 0,5 Backup 0,5
DSM – SISTEMAS OPERACIONAIS E REDES DE COMPUTADORES
LABORATÓRIO SORC 2023/1 – PROF. ELIFAS
APOIO PARA AS CONFIGURAÇÕES DO APACHE – PARTE 1
Objetivo:
Configurar três(03) sites no APACHE (Em Linux)
• www.sorc.com
• www.cotia.com
• www.suaempresa2.com (escolha o nome e endereço que quiser para o site /
cuidado para não repetir o nome escolhido no IIS)
IMPORTANTE: Esse é um roteiro básico que deverá acompanhar as instruções do professor

em sala de aula
Máquinas utilizadas na aula de hoje:
• Cliente Windows 7
• Servidor Linux
Windows 7: Cliente
Usuário → Administrador
Senha → Fatec@20223
Linux CentOS: Servidor APACHE

Usuário → root
Ao inicializar a máquina virtual pela primeira vez, utilizar a opção “I

Moved It”
Passo 1:
Colocar as duas máquinas virtuais na mesma rede (LEMBRTE: Você já colocou o Windows 7
na mesma rede do Windows Server, insira o Linux na mesma rede)
(Passo já apresentado nas tarefas do IIS / Inserir na mesma rede utilizada no IIS)
Ao logar no Linux, abrir o terminal: botão direito na área de trabalho / abrir terminal
Configurar o IP no seguinte esquema:
Linux: 192.168.56.100 - 255.255.255.0
Configuração do IP no Linux
Arquivo com as configurações de rede: /etc/sysconfig/network-script/ifcfg-eth0
Para abrir o arquivo, utilize o comando vim

Agora ajuste as configurações
O campo HWADDR (mac address) deverá corresponder ao mac address gerado pelo VMWARE
As vezes é necessário apagar o arquivo /etc/udev/rules.d/70-persistent-net.rules (Isso é

específico no uso de máquinas virtuais quando o MAC ADDRESS não é reconhecido no Linux) e
reiniciar o servidor
Por enquanto, deixem o firewall desativado com o comando service iptables stop
Outra configuração utilizada especificamente nesse caso, será desativarmos o SELINUX
/etc/selinux/config
Testar rede entre as máquinas (PING)
Possíveis problemas:
• Rede virtual VMWARE

• Firewall
Passo 2:
Iniciar o APACHE no Linux Centos
Comando: service httpd start
Passo 3:
Criar a estrutura básica das patas para os sites
Pasta principal /sites
Subpastas (pastas dos sites): www.sorc.com www.cotia.com www.suaempresa2.com
Comando para criar as pastas: mkdir
Criar um index.html em cada pasta
Exemplo:
<HTML>
Página TESTE APACHE
</HTML>
Comando para criar um novo arquivo: VIM

(Esse comando também é utilizado para editar os arquivos)
Passo 4:
Iniciar configuração dos sites (Nesse exemplo trabalharei com o site
www.suaempresa2.com)
Ir até a pasta do APACHE aonde fica seu principal arquivo de configuração, o HTTPD.CONF
/etc/httpd/conf
Abrir o arquivo e configurar o site, conforme exemplo abaixo:
Comentar a linha DocumentRoot (Colocar # na linha)

Criar o virtual host do site, nesse exemplo www.suaempresa2.com
Reiniciar o serviço do Apache

Comando: service httpd restart
Passo 5:
Ajustar a resolução de nome
Acessar o Windows 7
Ajustar no arquivo hosts o acesso ao site no IP do servidor Linux (mesmo procedimento

realizado na tarefa do IIS)
Fazer o teste de acesso ao site:

APOIO PARA AS CONFIGURAÇÕES DO IIS – PARTE 1
Objetivo:
Configurar três(03) sites no Microsoft IIS
• www.fatec.com
• www.dsm.com
• www.suaempresa.com (escolha o nome e endereço que quiser para o site)
IMPORTANTE: Esse é um roteiro básico que deverá acompanhar as instruções do professor

em sala de aula
Máquinas utilizadas na aula de hoje:
• Cliente Windows 7
• Servidor Windows
Local físico: C:\SORC – ELIFAS 2023 (ou outro)
Windows 7: Cliente
Windows 2012 R2: Servidor IIS

Passo 1:
Colocar as duas máquinas virtuais na mesma rede
Ou
Configurar o IP no seguinte esquema:
Windows 7: 192.168.56.200 - 255.255.255.0
Windows 2012 R2: 192.168.56.110 - 255.255.255.0
Testar rede entre as máquinas (PING)
Possíveis problemas:
• Rede virtual VMWARE

• Firewall do Windows
Passo 2:
Adicionar o IIS no Windows Server
(Atenção aos passos adicionais que serão apresentados pelo Professor)
Selecionar as opções adicionais de LOG, Autenticação/Restrição de IP e Redirecionamento de

Site
Passo 3:
Criar a estrutura básica das patas para os sites
Pasta principal C:\SITES
Subpastas (pastas dos sites): www.fatec.com . www.dsm.com , www.suaempresa.com
Criar um arquivo index.html em cada pasta
Exemplo:
<HTML>
Página TESTE IIS
</HTML>
Passo 4:
Iniciar configuração dos sites (Nesse exemplo trabalharei com o site www.testeiis.com)
Abrir o IIS
Criar a APP POOL de cada Site

Criar os sites no IIS

Criar um local para os LOGS desse site (dentro da pasta do site, EX:
C:\SITES\www.testeiis.com\logs) e ajustar nas configurações do site
Passo 5:
Ajustar a resolução de nome
Acessar o Windows 7
Fazer um teste de ping no site www.testeiis.com
Como ainda não temos servidor de DNS nesta estrutura, iremos ajustar no arquivo hosts
(c:\windows\system32\drivers\etc\hosts)
Após esse ajuste, fazer novamente o teste

Caso esteja ok, o site poderá ser acessado

APOIO PARA AS CONFIGURAÇÕES DO IIS – PARTE 2
Objetivos
• Manipulação de LOGS
• Ajuste de página padrão
• Restrição por IP (Intranet x Extranet)
• Backup e restore
Na aula anterior, ajustamos no IIS para que cada site grave seus logs em uma pasta
específica (Exemplo: c:\sites\www.testeiis.com\logs)
Podemos ajustar a periodicidade do rotacionamento desse log, por padrão ele vem
com a opção “diariamente” marcada, costumo utilizar a mesma configuração, mas isso
pode ser alterado de acordo com suas necessidades
O que isso significa?

Haverá um arquivo de log por dia
Para simularmos o uso do LOG, realize alguns acessos utilizando os navegadores IE e FIREFOX
na máquina virtual Windows 7 cliente
Verifique na pasta o LOG e tente interpretar o seu conteúdo.

Ajustando página padrão

Na aula anterior, publicamos as páginas com o arquivo INDEX.HTML como página default, essa
opção é personalizável
Opção padrão
Personalizado
Tarefa: Altere o arquivo de página padrão dos quatro sites publicados
• www.fatec.com → fatec.html
• www.dsm.com → dsm.html
• www.suaempresa.com → suaempresa.html
Criando restrição por IP

Em alguns casos, por exemplo na configuração de uma Intranet, pode ser útil configurar para
que determinado IP não possa acessar algum site em específico dentro do IIS
Primeiro você define se o padrão é permitir ou bloquear o acesso, para depois configurar as
exceções
Considerando o padrão acima (acesso permitido), abaixo vamos criar uma regra de bloqueio,
essa regra poderá ser ou IP específico ou rede, utilizando sua máscara
No exemplo abaixo bloquearemos a rede 192.168.70.0/24 de acessar o site

Realizando Backup e Restore das configurações do IIS e arquivos dos Site

Na hora de fazer o backup do IIS e das páginas, precisamos pensar em duas situações:
• Fazer Backup das pastas e arquivos dos sites

o No ambiente que estamos usando como exemplo, bastaria fazer cópia da
pasta C:\Sites
• Fazendo Backup das configurações do IIS

o O backup acima iria garantir a cópia dos sites e de seus arquivos, porém seria
necessário reconfigurar todo o IIS, no exemplo abaixo iremos realizar um
backup das configurações do IIS, isso além de ser útil no caso de algum
desastre com o servidor pode servir para que o administrador do IIS realize um
backup antes de alterar as configurações
o O executável appcmd.exe serve para isso, ele é dividido em quatro funções
(Importante, você deverá executá-lo como administrador)
o Fazer Backup do IIS:

▪ c:\windows\system32\inetsrv\appcmd.exe add backup “BKP1”
(Nesse caso estou criando um backup com o nome BKP01)

Esse backup foi criado na pasta C:\Windows\System32\inetsrv\backup, portanto caso deseje

copiar esse backup para outro local (recomendado), basta copiar essa pasta
o Listar os backups que foram realizados:

▪ c:\windows\system32\inetsrv\appcmd.exe list backup
o Restautar um Backup
▪ c:\windows\system32\inetsrv\appcmd.exe restore backup “BKP1”
▪ Nesse exemplo, irei deletar alguma configuração do IIS e realizar o
restore
▪ Deletando as configurações do site www.testeiis.com
Realizando o restore
Agora basta voltar no IIS e apertar F5, as configurações do site retornaram
o Deletar um Backup
▪ c:\windows\system32\inetsrv\appcmd.exe delete backup “BKP1”
Caso precise por algum motivo deletar um backup do IIS, o comando realiza essa função
Tarefa: Faça backup e restore dos seus sites.

SISTEMAS OPERACIONAIS E
REDES DE COMPUTADORES
Aula 1 – Introdução e visão geral
2023/1
Prof. Elifas – elifas.farias@fatec.sp.gov.br

APRESENTAÇÃO DA DISCIPLINA
 Professor
 Elifas
 Oriundo da área de TI (Sistemas de Informação / Segurança
/ Redes de Computadores)
 Atuação na área de TI: 2000 – 2020*
 Atuação na FATEC: desde 2013
 Atuação como Empresário: desde 2018

 Objetivos de Aprendizagem
 Compreender sobre as características do
gerenciamento de processos, arquivos, memória,
entrada e saída de um Sistema Operacional.
 Definir os conceitos de Internet, Intranet, Extranet e
arquitetura Cliente - Servidor.
 Identificar modelos de referência de arquitetura de
redes e seus protocolos de comunicação buscando a
aplicação desses conceitos no desenvolvimento de
sistemas.
 Ementa
 Visão Geral, Introdução à Sistemas Operacionais.
Conceitos Básicos de Hardware e Software.
Concorrência em Sistemas Operacionais. Estrutura
do Sistema Operacional. Processos e Threads.
Sincronização e Comunicação entre Processos.
Gerencia do Processador. Gerencia de Memória e
Memória Virtual. Sistemas Operacionais
distribuídos. Sistemas Operacionais de Rede.
Protocolos de comunicação.
 Metodologia proposta
 Aulas Expositivas. Aprendizagem Baseada em
Projetos/Problemas. Estudo de Caso Real. Para o
conteúdo de Redes de Computadores atividades
práticas baseadas em situações reais.
 Bibliografia
 Básica
 MACHADO, F. B.; MAIA, L. P. Arquitetura de Sistemas
Operacionais. 5ed. São Paulo: LTC, 2013.
 TANENBAUM, A. S.; BOS, H. Sistemas Operacionais
Modernos. 4 ed. São Paulo: Pearson, 2016.
 TANENBAUM, A. S.; STEEN, M. V. Sistemas Distribuídos:
princípios e paradigmas. 2 ed. São Paulo: Pearson, 2007.
 Complementar
 SILBERSCHATZ, A.; GALVIN, P. B.; GAGNE, G.
Fundamentos de Sistemas Operacionais. 9 ed. São Paulo: LTC
2017
 TANENBAUM, A. S. et al. Sistemas Distribuídos: princípios e
paradigmas. 2 ed. São Paulo: Prentice Hall, 2007.
 COULOURIS, George F. et al. Sistemas distribuídos: conceitos
e projeto. 4 ed. Porto Alegre: Bookman, 2007.
 Bibliografia
 Andrew Stuart Tanenbaum.
 Lista de chamada
 21 faltas = Reprovado
 Alunos fora da lista = Devem reguralizar sua
situação na secretaria da FATEC. A regularização é
responsabilidade do aluno
 CHAMADA ONLINE!!!
 Alunos que não estiverem regularizados não poderão

realizar as atividades avaliativas
 A busca pelo conteúdo perdido em caso de ausência é

de total responsabilidade do aluno
 Contato via e-mail
 Informações da turma
 Dúvidas
 Envio de trabalhos (quando esse tipo de entrega for
combinado)
elifas.farias@fatec.sp.gov.br
(Mensagens fora desse e-mail serão ignoradas)
 Representante da sala
 Responsável por encaminhar as mensagens para a turma
 Enviar os dados de contato (e-mail e WhatsApp)
 Contato via WhatsApp somente com o representante da
turma
 Método de avaliação
 Padrão FATEC COTIA
 (A1 + P1 + A2 + P2*2)/5
 A1 – Seminário
 A2 – LAB SORC
 P1 – Prova 1º período
 P2 – Prova 2º período (TODO O CONTEÚDO)
 Atividades em sala: Acrescentam até 1 ponto na média

final
 Pesquisas
 2022/1 – Algumas sugestões dos alunos

 Aprofundar nos comandos Linux
 Simulado
 Maior ênfase nos seminários
 Manter esquema de gravação no Teams
 Passo a passo com mais detalhes
 Maior acompanhamento dos alunos ausentes
 Sugestões que irei implementar

 Comandos Linux: haverá uma tarefa sobre isso
 Simulado: será realizado
 Seminários: Irei utilizar RUBRICA
 Gravação: Apenas na parte das máquinas virtuais
 Sugestões que não irei implementar

 Passo a passo com mais detalhes
 Maior acompanhamento dos alunos ausentes
 Laboratório SORC
 Configuração de redes virtuais
 Configuração de servidor Web em plataforma Linux
 Configuração de servidor Web em plataforma Windows
 Tarefas automáticas
 Backups
 Complementos básicos
 DNS
 Comandos no Linux
 Instalação de pacotes no Linux
 Adicionar recursos no Windows
 Firewall
 Servidor de arquivos
 Scripts
 Laboratório SORC – 2023/1
 Ambiente virtualizado
Servidor Windows
Cliente Windows
Servidor Linux
 Ambiente virtualizado
 Utilização de VMWARE no LAB
 Utilizar as máquinas da pasta
 Não deletar
 Cada aluno(ou grupo) é o responsável pelo seu Backup
 Quem desejar pode usar seu equipamento pessoal

 OBS: não será permitido conectar o equipamento na rede
 Entrega/Apresentação das atividades - A2
 Haverão datas específicas para as entregas
 Todos os alunos do grupo deverão estar aptos a explicar
todo o funcionamento do LAB

 A nota será igual para todos os membros do Grupo
 Microsoft Teams - Ambiente Virtual de
Aprendizagem
 Extensão da sala de aula
 @fatec.sp.gov.br
 Divulgação de notas
 Disponibilização dos slides
 Entrega de algumas atividades
 Status das atividades
 Vídeos
 Dúvidas?
 Tudo combinado?
 Podemos começar?
SORC
Nós vamos
programar! SO e
Redes não são
problemas
nossos!
Imagem: Adobe Stock

SORC
 Sistema Operacional
 O que é?
SORC
 Para que serve?
SORC
 Arquitetura
SORC
 Quais sistemas operacionais vocês conhecem?
SORC
SORC
SORC
SORC
SORC
Nós vamos
programar! SO e
Redes não são
problemas
nossos!
Imagem: Adobe Stock

SORC
 Servidores
Imagem: Adobe Stock

SORC
Nós vamos
programar! SO e
Redes não são
problemas
nossos!
Imagem: Adobe Stock

SORC
 Conectividade
Imagem: Adobe Stock

SORC
Nós vamos
programar! SO e
Redes não são
problemas
nossos!
Imagem: Adobe Stock

SORC
 Sua aplicação
 Vai ficar hospedada em algum SO
 Vai ser utilizada em algum SO
 Vai precisar de conectividade
SORC
 Atividade em sala de aula
 Windows
 Linux
 MacOS
 ChromeOS
SISTEMAS OPERACIONAIS E
REDES DE COMPUTADORES
Revisão para a P1
2023/1
Prof. Elifas – elifas.farias@fatec.sp.gov.br

REVISÃO PARA P1
 IMPORTANTE:
 P1 – 20/04
 Alunos A-J: 19-20h40
 Alunos K-Z: 21h-22h40
 Assuntos P1
 LAB SORC (tarefas realizadas até o momento)
 Sistemas Operacionais
 Sistemas Operacionais de Redes
 Servidores Web
REVISÃO PARA P1
 SISTEMAS OPERACIONAIS
 Andrew Stuart Tanenbaum.
 O que é?
 Pra que serve?
 Sistema E/S (I/O)
 Entrada / Processamento / Saída
 Arquitetura
 Exemplos de SO
 Servidores
 Conectividade
REVISÃO PARA P1
 SISTEMAS OPERACIONAIS DE REDE
 SOL
 SOR
 Transparente para o usuário
REVISÃO PARA P1
 Como funciona?
 Processamento dividido entre cliente e servidor
 Módulo redirecionador
 SORC
 Cliente
 SORS
 Servidor
REVISÃO PARA P1
 Arquitetura
 Peer-to-Peer
 Pontos positivos:
 Segurança
 Alta disponibilidade
 Recursos distribuídos
 Pontos negativos
 Desempenho
 Ataques de DDOS
 “Man in the Middle”
 Worms
 Contaminação de arquivos
REVISÃO PARA P1
 Arquitetura
 Cliente-Servidor
 Servidor dedicado
 Servidor não dedicado
Peer-to-peer
Servidor não
dedicado
REVISÃO PARA P1
 Modelo OSI
REVISÃO PARA P1
 Modelo OSI
 7 Aplicação
 Interface com aplicativos
 HTTP, FTP
REVISÃO PARA P1
 Modelo OSI
 6 Apresentação
 Compressão
 MPEG, JPEG
 Criptografia
 SSL
REVISÃO PARA P1
 Modelo OSI
 5 Sessão
 Controle se sessão entre os aplicativos
 Iniciar / manter / finalizar
 SSH
REVISÃO PARA P1
 Modelo OSI
 4 Transporte
 Conexão entre os hosts
 Portas
 TCP, UDP
REVISÃO PARA P1
 Modelo OSI
 3 Rede
 Endereço lógico
 IP, ICMP
 Roteadores
REVISÃO PARA P1
 Modelo OSI
 2 Enlace de dados
 Endereço físico
 Switch
 Ethernet
REVISÃO PARA P1
 Modelo OSI
 1 física
 Hardware
 Meios de transmissão
 Cabos de rede
REVISÃO PARA P1
 Modelo OSI
REVISÃO PARA P1
 SERVIDORES WEB
 Mercado
 Um profissional da área de sistemas precisa conhecer um
servidor Web?
 Sim, hoje em dia é muito comum que as empresas
possuam website
 Sim, as aplicações Web cada vez crescem mais devido ao
seu conceito multiplataforma
 Sim, com isso existem inúmeras oportunidades de
trabalho
 E o principal?
 Cada vez mais, existem negócios totalmente focados na

Web
REVISÃO PARA P1
 SERVIDORES WEB
 Conceito
 Protocolos
 Página estática
 Página dinâmica
REVISÃO PARA P1
 SERVIDORES WEB
 Protocolos
 HTTP
 HTTPS
 FTP
REVISÃO PARA P1
 SERVIDORES WEB
 Protocolos
 HTTP
 Camada 7(Aplicação)
REVISÃO PARA P1
 SERVIDORES WEB
 Protocolos
 HTTPS/SSL / Camada 6(Apresentação)
SSL
REVISÃO PARA P1
 SERVIDORES WEB
 Página estática
 HTML puro
 Sem processamento no servidor
REVISÃO PARA P1
 SERVIDORES WEB
 Página dinâmica
 ‘engine’
 Processamento no servidor
REVISÃO PARA P1
 SERVIDORES WEB
 Apache
 Fundação Apache
 Origem: NCSA
 Continuidade: Fórum de atualizações na Internet
 1ª versão: 1995
 Código aberto
 Solução livre
 Módulos
 Só funciona no Linux?
 NÃO!!!
 Windows
 Mac
 Outros
REVISÃO PARA P1
 SERVIDORES WEB
 NGINX
 1ª versão: 2005
 Acumula várias funções
 Servidor Web
 Proxy
 Proxy reverso
 Balanceador
 Mais leve que o Apache
 Comprado pela f5 em 2019
 +ou- USD 670.000.000,00

REVISÃO PARA P1
 SERVIDORES WEB
 Internet Information Services (IIS)
 Funciona apenas em plataforma Windows
 Integrado com o SO
 Kernel
 User mode
 Solução paga
 App pool
 “Professor, eu já vi IIS em Linux”
 A arquitetura do IIS é baseada no Windows

REVISÃO PARA P1
 SERVIDORES WEB
 Qual tecnologia é mais utilizada?
JAN/2022
• NGINX: 32%
• APACHE: 29%
• IIS: 4%
http://news.netcraft.com/archives/category/web-server-survey/
REVISÃO PARA P1
 SERVIDORES WEB
 Qual tecnologia é mais utilizada?
Adobe APACHE
Apple APACHE
CNN APACHE
Facebook APACHE
Globo APACHE
Mercado Livre APACHE
Microsoft IIS
MSN IIS
Terra APACHE
Wikipedia APACHE
Youtube APACHE
REVISÃO PARA P1
 SERVIDORES WEB
 E as vulnerabilidades?
 Fonte: http://br.zone-h.org/archive/special=1
REVISÃO PARA P1
 SERVIDORES WEB
 Qual tecnologia é a melhor?
 Quem configurou?
 Qual a preocupação com a segurança?
 Qual a topologia?
 Como foi elaborado o projeto?
 Quais recursos foram disponibilizados?

REVISÃO PARA P1
 BOA PROVA!

SORC

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SORC

Uploaded by

Copyright:

Available Formats

2022

DDoS attack trends (2021 and 2022)

High-Volume DDoS Attacks Were on the Rise

In 2022, the number

Distribution of peak DDoS attack traffic by month in 2022

Distribution of terabit-level DDoS attack traffic by month in 2022

In 2022, the number of attacks

Trend of high-volume DDoS attack traffic larger than 100 Gbps

High-volume attacks larger than 100

The analysis on the attacked frequency of targets

DDoS attack persistence distribution (2021 and 2022)

Southeast Asia Remained a Hotspot for Cyberattacks

With the rapid regional economic

Distribution of regions mostly targeted by DDoS attacks in 2022

North America Was a Predominant Source of Application-layer

Distribution of attack sources for application-layer DDoS attacks

In 2022, Peru was the most targeted

Target distribution of application-layer DDoS attacks by country

DDoS Attacks Increasingly Targeted Critical Infrastructure

In 2022, DDoS attacks against critical

The COVID-19 pandemic has caused

Critical infrastructure targeted by DDoS attacks by month in 2022

In terms of attack vectors, UDP-

Distribution of DDoS attack vectors in 2022

All terabit attacks were UDP-based

UDP attacks still made up the lion's

Cloud9 Malicious Add-on, a New Attack Tool, Emerged for

Attackers Focused on Remote Login and Web Application

The "Quick Spike" Attack Tactic Continued to Take Dominance

This type of DDoS attack sends a massive amount of

DDoS attack duration in 2022

Mirai was the most active attack botnet in 2022,

Distribution of active botnets in 2022

Mirai was still the king of botnets and had the

Number of bots in active botnets in 2022

The statistics show that the rate of

Mirai had the largest number of C&C

Percentage of C& C servers of active botnets

Distribution of C& C servers by country in 2022

The XorDDoS botnet family was

Percentage of DDoS attack instructions by active botnets

Distribution of Botnet targets by country in 2022

Distribution of attack vectors

Distribution of peak attack traffic

This vulnerability can lead to the abuse of a

After confirmation, NSFOCUS adjusted the

Case 3: Large-Scale UDP Flood DDoS Attacks

APOIO PARA AS CONFIGURAÇÕES DO APACHE – PARTE 1

IMPORTANTE: Esse é um roteiro básico que deverá acompanhar as instruções do professor

Máquinas utilizadas na aula de hoje:

Linux CentOS: Servidor APACHE

Ao inicializar a máquina virtual pela primeira vez, utilizar a opção “I

Configurar o IP no seguinte esquema:

Linux: 192.168.56.100 - 255.255.255.0

Arquivo com as configurações de rede: /etc/sysconfig/network-script/ifcfg-eth0

Para abrir o arquivo, utilize o comando vim

Agora ajuste as configurações

As vezes é necessário apagar o arquivo /etc/udev/rules.d/70-persistent-net.rules (Isso é

Outra configuração utilizada especificamente nesse caso, será desativarmos o SELINUX

Testar rede entre as máquinas (PING)

• Rede virtual VMWARE

Iniciar o APACHE no Linux Centos

Comando: service httpd start